Procmail Recipe

Please to enjoy my collection of procmail recipes.

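# Search path for the programs the recipes start (formail, sed, cat, date).
PATH=/bin:/usr/bin:/usr/local/bin
# Relative folder names in the recipes below resolve under this directory.
MAILDIR=$HOME/mail

# One log file per hour; assumes $HOME/.procmail already exists.
# The log abstract records sender, subject and destination folder of every
# message, so keep that directory readable by its owner only.
LOGFILE=$HOME/.procmail/procmail_log.`date +%F_%H:00`
#LOGFILE=/dev/null
# Extended diagnostics for every recipe; useful while tuning, noisy afterwards.
VERBOSE=on

SENDMAIL=/usr/lib/sendmail
# Contents of the From: header of the current message. The backquotes are
# required: without them FROM holds the literal word "formail" and the
# command never runs. formail is started once for every incoming message.
# The value is chosen by the sender: keep it inside double quotes wherever a
# shell sees it, and never treat it as an authenticated identity.
FROM=`formail -z -x From:`
#BLACKLIST=$HOME/.procmail/blacklist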

####################################################################
# move large attachments right away
####################################################################

# Filter large messages/attachments into a folder and
# notify the sender. 102400 = 100k
#:0:
#* (^TO|^From).*(interactnetworks|lockdownnetworks).*
#* > 307200
#  {
#    :0c
#    | (formail -r -I 'Precedence: junk' \
#               -A 'X-Loop: YOUR_NAME_HERE@lockdownnetworks.com' ; \
#               echo -n 'This is an automatic reply.\nPlease do NOT email me attachments over 300k.\n'; \
#               echo 'Place it on \\\\gabriel\\temp or on \\\\inifile\nThis is why we have a network.'; \
#               echo '-- '; \
#	       echo 'YOUR_NAME_HERE PRIVATE x104';
#               ## cat $HOME/.signature \
#               ) | $SENDMAIL -oi -t
#
#    :0
#    Morons
#  }

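# File messages larger than 1024000 bytes (about 1 MB) in the "Morons"
# folder and send the sender an automatic reply asking for a link instead.
:0
* > 1024000
  {
    # Auto-reply guards: skip mail from daemons and mailing lists, and skip
    # anything that already carries our own X-Loop header, so that two
    # auto-responders cannot bounce large messages back and forth.
    # The reply still goes to an address taken from headers the sender wrote;
    # a forged sender turns this into unsolicited mail to a third party.
    :0c
    * !^FROM_DAEMON
    * !^X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE\.com
    | (formail -r -I 'Precedence: junk' \
               -A 'X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE.com' ; \
               echo -n 'This is an automatic reply\nPlease do NOT email me attachments over 1MB.\n'; \
               echo 'Send me a link to the file, or upload it to ftp://ftp.YOUR_NAME_HERE.com/INCOMING/.'; \
               echo '-- '; \
               cat "$HOME/.signature" \
               ) | $SENDMAIL -oi -t

    # The lock colon sits on the recipe that appends to the mbox: an implicit
    # lockfile name is derived from the destination file, and a { block has
    # no destination of its own.
    :0:
    Morons
  }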

# Forward a copy of Yahoo alert mail to the phone's e-mail-to-SMS address and
# keep the original in the SMS folder.
# NOTE(review): the only test is a substring of a line starting with "From",
# which the sender writes; any message carrying this address there is
# forwarded to the phone. The dots are unescaped and match any character.
# NOTE(review): the SMS folder is written without a lock colon (:0 rather
# than :0:), unlike the other folder deliveries in this file.
# The SMS delivery below has no c flag, so processing stops here; the
# identical recipe near the end of the file never sees a matching message.
:0
* ^From.*(alerts@reply.yahoo.com).*
{
  :0 c
  ! YOUR_CELL_HERE@mobile.mycingular.com

  :0
  SMS
}

#:0
#* ^FROM.*(nagios|mascorp.com).*
#{
#  :0 c
#  ! YOUR_CELL_HERE@mobile.mycingular.com
#
##  :0
##  SMS
#}

####################################################################
# anti-spam
####################################################################

# known spammer sites
#:0
#* ? (formail -x Reply-To: -x Return-path: -x To: -x From: -x Sender: | fgrep -q -i -f $BLACKLIST)
#spam

# mail from IP numbers that can't exist (usually Spamford Wallace/cyberpromo)
#:0
#* ^Received.*\[[0-9\.]*([03-9][0-9][0-9]|2[6-9][0-9]|25[6-9])
#spam

# matching To: and From: or Sender: line
# note that this rule is a little overzealous.
# I should probably catch anything from someone that I know
# and file it +inbox first, in case a friend bcc's us.
#:0 
#*^TO\/.*
#*$^(From:|Sender:)$MATCH
#spam

#lacking a To: line 
#:0:
#* !? (grep -q ^To: )
#spam

#lacking a From: line 
#:0:
#* !? (grep -q ^From: )
#spam

# Header sanity checks. Recipes run in order and the first delivering recipe
# ends processing for the message. Everything sent to /dev/null is deleted
# with no copy, so a false positive cannot be recovered; the "spam" folder
# variants can still be reviewed.
# procmail matches case-insensitively by default, so ^FROM: below matches
# the From: header (it is not one of the ^TO / ^FROM_DAEMON macros).
# The lock colon (:0:) is not needed on the /dev/null deliveries.

#This is probably the single best recipe ever!
#I think it's filtered out about 1/3 of my total spam.
#missing a Date: header field
:0
* ! ^Date:
/dev/null	

# Sender line mentions a drug brand or "Men's Health".
:0:
* ^FROM:.*(pfizer|viagra|cialis|Men's Health).*
/dev/null

#email of the form numbers@
:0:
* ^From: [0-9]+@.*
#* ^TO[0-9]+@.*
spam

# purely numeric address.
:0:
* ^From:.*( |<)[0-9]+@
spam

#email of the form something@numbers.com
# NOTE(review): the pattern requires the From: value to start with "@", so
# it does not match the "something@numbers.com" form described above.
:0:
* ^From: @[0-9]+\.com$
#* ^TO.*@[0-9]+\.com$
spam

#email of the form numbers@
:0:
* ^TO[0-9]+@.*
spam

#test if the subject is empty or if the subject field is missing altogether
# The 1^0 weights turn the conditions into an OR: any one match gives a
# positive score and the recipe fires.
:0:
* 1^0 ^Subject:([  ]$|$)
* 1^0 !^Subject:
/dev/null
#spam

#test if missing or an empty "From:" line in the header
# Same weighted-OR scheme; the third condition catches an empty <> address.
:0:
* 1^0 ^From:([ ]$|$)
* 1^0 ! ^From:
#A catch: Don't use here the word-boundary operators \< \> Use just the plain <>
* 1^0 ^From:.*<>
/dev/null

# Content and subject keyword rules. Matching is case-insensitive and
# unanchored inside the .*( ... ).* groups, so short words also match inside
# longer ones (for example "earn" inside another word), and an unescaped dot
# matches any character. Almost all of these deliver to /dev/null, which
# deletes the message with no copy; filing to a folder first makes false
# positives recoverable.
# The B flag (and "B ??") applies the pattern to the message body instead of
# the headers.

#that red virus
:0 B
* ^(Hi! How are you\?|I send you this file in order to have your advice)
/dev/null

:0 B
* You are receiving this e-mail because you subscribed to MSN Featured Offers
spam

# Suspect countries, mail from these is usually spam a few false-positives here, but mostly accurate
# Matches a From: line containing one of these country-code suffixes followed
# by whitespace, ">" or end of line.
:0:
#* ^From:.*\.(ro|tw|ru|cn|kr|sk|tr|ar|pk)([     >]|$)
* ^From:.*\.(tw|cn|kr|sk|tr|pk|ru|jp)([     >]|$)
/dev/null
# Exact subjects. NOTE(review): "Delivery Status Notification.*" also drops
# genuine delivery failure reports for mail sent from this account.
:0:
* ^Subject: (Monthly Payments Keep Rising.|Re: Order status|RE: Message|RE:[ ]?Message[\s]*?|Your order|Delivery Status Notification.*)$
/dev/null

# "<name> wrote:", "<name> here :)" and similar generated subjects.
:0:
* ^Subject:.*([0-9a-zA-Z]+ wrote:|[0-9a-zA-Z]+ here :\)|it.s [0-9a-zA-Z]+ :|hi it.s [0-9a-zA-Z]+).*
/dev/null

:0:
* ^Subject: (it me [0-9a-zA-Z]+|[0-9a-zA-Z]+ check this.|Greetings [0-9a-zA-Z]+|[0-9a-zA-Z]+ advice|It ready|[0-9a-zA-Z]+ FINANCIAL REPORT)
/dev/null

# Long keyword list. NOTE(review): it contains everyday words (bulk, debt,
# earn, fortune, norton, promotional, prescription), so legitimate mail with
# those anywhere in the subject is deleted as well.
:0:
* ^Subject:.*(Submariner|acai|swiss branded watch|rolex|wristwatches|replica watch|w4tches|timepieces|chronograhps|pharmacy|VPXL|pepsi|hoodai|hoodia|valium|xanax|accept credit cards|mortgages|Adult|adult listings|advertise to millions|bulk|creamed|debt|drains|earn|free tv|fortune|gambler|get paid to|get rid of|get up to|herbal|hgh|home owners|hotties|how to play|incest|inkjet|inkjets|irresistible girls|lenders looking for|lose fat|lose weight|low rates|lowest rates|make bigger|make money fast|norton|no tax|personal secrets|playstation|porn|prescription|promotional|prostate|reduce money|reverse aging|running so slow|septic|sexual|sizzling|tanning|toners|urinary|we pay|HGH...|rochelle gordon|oral b|penis|viagra|calculCleRib|Men's Health id|New software uploaded by |CNN Alerts|msnbc.com - BREAKING NEWS|I wanna chat with you|Thank you page|Negocios|stiffy in a jiffy|pfizer).*
/dev/null

# Subjects that quote the paging address.
:0:
* ^Subject:.*(page_YOUR_NAME_HERE).*
/dev/null

# Individual senders and sender keywords. NOTE(review): telus.net is an
# entire provider domain, and "Snipe" matches as a substring of any From line.
:0:
* ^FROM:.*(jna@retina.net|ScreenSaver3D|rochelle gordon|Logic.v.art|Snipe|telus.net|big@boss.com|MensHealth.com|pfizer).*
/dev/null

# Stock-tip spam: "symbol:" or "company:" followed by four letters in the
# body. The match is case-insensitive, so [A-Z] also accepts lower case.
:0 B
* (symbol|company) *?: *?[A-Z][A-Z][A-Z][A-Z][ \n]*
/dev/null

:0 B
* .*Sy ?m ?bol: +[A-Z][A-Z][A-Z][A-Z].*
/dev/null

:0:
* ^Subject:.*(Paris|Hilton|Lohan|britney|spears).*
/dev/null

# Body keywords.
:0:
* B ?? .*(wristwatches|timepieces|chronograhps|penis|erection|viagra|peniis|every good trader knows|first rule of investing|We called it yesterday and now it.s up 100).*
/dev/null

# Both conditions must match: sender line names Symantec_AntiVirus and the
# subject mentions returned mail.
:0:
* ^FROM.*Symantec_AntiVirus
* ^Subject:.*Returned mail.*
/dev/null

:0:
* ^Subject:.+? sent you a.+?card from.+?!
spam

:0:
* ^Subject:.*(MSG#:[0-9]+ ).*
/dev/null

# SoBig virus
# Requires all three: the X-MailScanner "clean" header, this exact Outlook
# Express X-Mailer string, and one of the listed subjects.
:0
* ^X-MailScanner: Found to be clean
#* ^Date:.*\-\-[0-9][0-9][0-9][0-9]$
* ^X-Mailer: Microsoft Outlook Express 6.00.2600.0000
#* ! ^X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
* ^Subject: (Re: ?)?(((My|Your) )?Details|Approved|Thank you\!|That movie|Wicked screensaver|Your application)
/dev/null

# NOTE(review): the trailing "?" makes the (microsoft|Returned) group
# optional, so the Subject condition matches any message that has a Subject
# header. "MS" is matched case-insensitively anywhere after "From", which
# includes any sender line containing the letters "ms". In effect every
# message over 140000 bytes from such a sender is deleted. Confirm whether
# the "?" is intended.
:0
* ^FROM.*(Microsoft|MS).*
* ^Subject:.*(microsoft|Returned)?.*
* > 140000
/dev/null

#email of the form numbers@some.place.com
#:0
#* ^From: ^[0-9]+@\w+\.[-\.\w+]?
#/dev/null

#email of the form something@numbers.com
#:0
#* ^From: \w+([\.\w+])?@[0-9]+\.[\w+]?
#/dev/null

#:0
#* ^.*nobody@YOUR_NAME_HERE.com
#/dev/null

# Automated replies and bounce noise, all deleted without a copy.
# NOTE(review): the MAILER-DAEMON and postmaster recipes also delete genuine
# non-delivery reports for mail sent from this account, so a failed outgoing
# message produces no visible error. Filing them in a folder keeps that
# signal available.
:0
* ^Subject: .*out of (the )?office
/dev/null

# Bounces: both the sender line and the subject must match.
:0
* ^FROM.*MAILER-DAEMON.*
* ^Subject:.*(returned|failure|delivery|Warning:|Banned file:).*
/dev/null

:0
* ^FROM.*postmaster@.*
* ^Subject:.*(InterScan NT Alert|notification|echec de distribution).*
/dev/null

# Virus-scanner notifications: "virus" in both the sender line and subject.
:0
* ^FROM.*virus.*
* ^Subject:.*virus.*
/dev/null

:0
* ^Subject:.*(Re:|Fw:|Undeliverable:).*Merry Christmas!.*
/dev/null

# Attachment and obfuscation filters.
# The B recipes look for literal name= / filename= text in the message body.
# They are a coarse pre-filter, not a substitute for a content scanner:
# they inspect neither the attachment data nor the inside of archives.

# This catches about 99% of deliberate viagra misspellings ie v1@GRa, v1agr@ etc
# H restricts the match to the headers (procmail's default).
:0 H
    * ^Subject.*[Vv][1jl\|][aA\@][Gg][Rr][Aa\@]
    {
        :0
        /dev/null
    }

# Redirect common virus attachments inc. zipped versions
# Matches only when the closing double quote directly follows the extension.
    :0 B
    * name=.*(document|readme|doc|text|file|data|test|message|body)\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|exe\"|shs\"|bat\"|bas\"|cmd\"|zip\")
    {
        :0
        /dev/null
    }

# Some more common virus attachments inc. zipped versions
    :0 B
    * name=.*(Attach|Information|Readme|Document|Info|TextDocument|Textfile|MoreInfo|Message|mystic|details|watch_me)\.(pif\"|zip\")
    {
        :0
        /dev/null
    }

# Redirect windows executables (note - haven't included exe and com 
# Filed in "spam" rather than deleted. scr\" appears twice in the list.
# NOTE(review): "spam" is written here without a lock colon, while other
# recipes in this file deliver to the same folder with :0:.
    :0 B
    * name=.*\.(vbs\"|wsf\"|vbe\"|wsh\"|hta\"|scr\"|pif\"|shs\"|bat\"|bas\"|scr\"|dll\")
    {
        :0
        spam
    }

# This one finds them annoying Custom Logo spams that seem to get past most filters 
#    :0 B
#    * .*out\.php\?email\=(sales|info)\@
#    {
#        :0
#        spam
#    }

##########################################
# a1 - Filter out attachments of type vbs, exe, hta, scr, js, wma, chm, pif,bat and com.
# store this messages in mail account viruscontrol.  This gives
# us a chance to examine the message for possible error in filtering.
# NOTE(review): the action below files into the "spam" folder; no
# "viruscontrol" account is referenced. The alternatives do not include exe,
# and some of them add mp3 and omit js or com, so the list above and the
# pattern disagree.
# NOTE(review): "^name=*.\." reads as zero or more "=" followed by any one
# character; ".*" was presumably intended.
:0B
* ^[ \t]*name.*\.(vbs|hta|scr|pif|js|bat|com|wma|chm)|\
  ^.*name.*\".*\.(vbs|hta|scr|pif|js|bat|com|wma|chm)\"|\
  ^Content-.*\".*\.(hta|vbs|scr|pif|js|bat|com|wma|chm)\"|\
  ^filename=.*\".*\.(hta|vbs|scr|pif|js|bat|com|wma|chm)\"|\
   ^name=.*\".*\.(hta|vbs|scr|pif|bat|mp3|com|wma|chm)\"|\
   ^name=.*.*\.(hta|vbs|scr|pif|bat|mp3|com|wma|chm)|\
   ^name=*.\.(hta|vbs|scr|pif|bat|mp3|wma|chm)|\
   ^.*name=.*\.(vbs|hta|scr|pif|bat|mp3|wma|chm)|\
   ^filename=.*\"worms.zip\"
{
:0
#/dev/null
spam
}

#ideally this should check if the two words are the same as the From: name
#but I don't know how to do that in procmail -- and apparently, nobody else does either. *sigh*
# Subject of the form "from Firstname Lastname".
:0:
* ^Subject: from [a-zA-Z]+ [a-zA-Z]+
/dev/null

:0:
* ^Subject: RE: (Message |Travel #)[0-9]+
/dev/null

:0:
* ^Subject: RE: ?[a-zA-Z][a-zA-Z]\.Doctor [a-zA-Z]+
/dev/null

:0:
* ^Subject: from: [a-zA-Z]+ [a-zA-Z]+
/dev/null

# quite possibly the single best recipe I discovered thanks to spamassassin
# Files anything already tagged "X-Spam-Status: Yes" into "Junk E-mail".
# Presumably a SpamAssassin instance upstream adds this header; nothing in
# this file runs it. NOTE(review): confirm that the scanner removes or
# overwrites an X-Spam-Status header supplied by the sender.
:0:
* ^X-Spam-Status: Yes
#/dev/null
"Junk E-mail"

####################################################################
# other stuff
####################################################################

# Sorting into folders. Each recipe delivers and stops processing, so a
# message lands in the first folder whose pattern matches.
# The patterns are case-insensitive substrings of header lines the sender
# controls; a folder name says where a message was filed, not that the
# message really came from that organisation.
# NOTE(review): "job" matches any destination or sender line containing those
# three letters.
:0:
* (^TO|^From).*(job|jagent|techiegold|brassring|nettemps|notifications@zend.com|dice.com|imatch|LinkedIn|notchup).*
"Jobs/Job Prospects"

# The word after the second colon names the local lockfile explicitly.
:0: surveillance
* ^From.*(trendnet|IP110W|IP422W).*
root/Surveillance

#:0:
#* ^From.*(portage).*
#root/portage

#this has to come up here b/c I'm subscribed with my symcell address and it will get filtered in the wrong order
:0: entrepreneurial
* (^TO|^From).*(seattletechstartups.com|nwen.org|tie.org|123signup|washingtontechnology.org|wsa.org|youngstartup).*
Lists/Entrepreneurial


####################################################################
# mailing lists
####################################################################
#:0:
#* (^TO|^From).*(lockdownnetworks|eeye.com|lists.osaddict.com|lockdown|esd.wa.gov).*
#Jobs/LockdownNetworks

# Mailing-list and vendor sorting. First match wins; patterns are unanchored,
# case-insensitive substrings with unescaped dots.
:0:
* (^TO|^From).*(truthaboutabs|ftkirkland|fitnesstogether|nutritionexpress.com|24hourfit|vitaminshoppe|dpsnutrition|bowflex.com).*
Lists/Health

# Deleted without a copy. NOTE(review): "mail@" matches any To: address whose
# local part ends in "mail".
:0:
* ^To:.*(mail@|mailman@lists.|info@rollinballzcrew.com).*
/dev/null

:0:
* ^Subject.*(Shine).*
Lists/Shine

# Event and club promoters. NOTE(review): several entries are common names
# or words (lawrence, Alvarado, nextlevel), so unrelated mail can land here.
:0:
* (^TO|^From).*(jj.net|judgejules|ibiza|djcl|marq.org|uscevents|lastsupperclub|theheavensnightclub|chronus|scottkeith|clubcontour|twisted.ca|seesoundlounge|See Sound Lounge|nwtekno|lawrence|drugpolicy.org|ultramusic|johnnymonsoon|adsr.org|beatlabs.com|groovetickets|insomniacevents|igetin.com|9groupvegas|nextlevel|giantclub|djmag|lemaitre|spundae|anjunabeats|trafficevents|eflier@beatlabs.com|Nightlife Guru|Alvarado|NightlifeGuru|bradmiller|movingsun.com|fuzzylounge|chrispaape.com|wantickets.com|mondopromotions@gmail.com|goldclasscinemas|hushent@|nat-progression.com|contactcollier|evite.com|clairaudiant@yahoo.com|jason roberts|oneglobalevents.com|pacsci.org|smphq.com|2amhollywood.com|risepromotionla|incognitola|mikekoglin|alteregoevents.net|phase3events|redcubepdx).*
Lists/RBC

:0:
* (^TO|^From).*(rollinballzcrew|rbc-admin|party-admin|mailman-owner).*
Lists/RBC

# Mail addressed to root on the author's own host.
:0:
* ^TO(root@YOUR_NAME_HERE|root@localhost)
"root/My Server"

# Registrar, DNS and monitoring notices, selected by sender name only.
# NOTE(review): such notices are frequently imitated; being filed here does
# not show that a message is genuine.
:0:
* ^From.*(register.com|godaddy.com|dyndns|pingdom|dlink.com).*
"root/My Server"

#:0: symfony
#* (^TO|^From).*(symfony|symfony-users@googlegroups.com|symfony-devs@googlegroups.com).*
#Lists/Symfony

#:0: trac
#* (^TO|^From).*trac-users@googlegroups.com.*
#Lists/Trac

#:0: svn
#* (^TO|^From).*@subversion.tigris.org.*
#Lists/Subversion

:0: PHP
* (^TO|^From).*(lists.php.net|phpclasses.org|PHP Classes|seaphp|zend).*
Lists/PHP

:0:
* (^TO|^From).*(mysql|webyog|modelright).*
Lists/mySQL

:0:
* ^From.*(doubleyourdates.com|doubleyourdating|mehow.tv|neilstrauss|strauss|stylelife).*
Lists/Misc

:0:
* (^TO|^From).*(craigslist|thematrixstudio).*
Other/forsale

#:0: OasysBLOCKEXT
#* ^TOoasys-pci@yahoogroups.com
#| sed -e '/^-* Yahoo! Groups Sponsor -*~-~>/,/^-*_->/d' \
#   >> Lists/Oasys

#:0: MackieD8BLOCKEXT
#* ^TOmackied8b@yahoogroups.com
#| sed -e '/^-* Yahoo! Groups Sponsor -*~-~>/,/^-*_->/d' \
#   >> Lists/MackieD8B

#:0: Pulsar$LOCKEXT
#* ^TOpulsar
##| sed -e '/^-* Yahoo! Groups Sponsor -*~-~>/,/^-*_->/d' \
#| sed -e '//,//d' \
#   >> Lists/Pulsar

#get rid of LAM or LAB posts in logic list
#:0:
#* ^TOlogic-users@yahoogroups.com
#* ^Subject: .*(LAM|LAB).*
#/dev/null

#:0:
#* ^TOsamba@
#Lists/Samba

# Linux user-group lists. The message is piped through sed, which rewrites
# every line starting with "begin " to "[begin]  ", and the result is
# appended to the folder. Presumably this defuses uuencode start lines so a
# mail reader does not treat inline data as an attachment.
# The explicit lockfile name "linuxug" is used because the action is a pipe.
:0: linuxug
#* ^Subject: 
* ^TO.*(balug|lugor|svlug|gslug).*
| sed -e 's/^begin /[begin]  /' \
   >> Lists/Linux/UserGroups

:0: ruby
#* ^Subject: 
* (^TO|^From).*(ruby-bounces|zenzpider.com|rubyforge).*
Lists/Ruby

# Ubuntu lists, first by List-Id and then by any destination or sender line
# mentioning ubuntu. Both recipes share the lockfile "ubuntu" and the folder.
:0: ubuntu
* ^List-Id:.*ubuntu-.[a-zA-Z0-9]+\.lists\.ubuntu\.com
Lists/Linux/Ubuntu

:0: ubuntu
* (^TO|^From).*(ubuntu|fullcirclemagazine.org).*
Lists/Linux/Ubuntu

#:0: gentoo
#* ^List-Id:.*gentoo-.[a-zA-Z0-9]+\.gentoo\.org
#Lists/Linux/Gentoo

#:0: gentoo
#* (^TO|^From).*gentoo.*
#Lists/Linux/Gentoo

#:0: mailman
#* ^TOmailman
#Lists/Linux/mailman

#:0: tux
#* (^TO|^From).*(redhat-list|psyche-list|shrike-list|redhat@info.redhat.com|fedora|tuxmag).*
#Lists/Linux/Linux-All

#:0: exim
#* ^TOexim
#Lists/Linux/exim

#:0: gnome
#* ^Subject: 
#* ^TO.*@gnome.org.*
#Lists/Linux/Gnome

#:0: kde
#* ^Subject: 
#* ^TO.*kde.org.*
#Lists/Linux/kde

# Vendor, hobby and receipt folders, chosen by substrings of the sender or
# destination lines. Matching is case-insensitive and the dots are unescaped.
:0: PVR
* (^TO|^From).*(mythtv|thegreenbutton|mcesoft|TiVo|silverstonetek|mediacenter).*
Lists/PVR

:0: PALM
* ^From.*(motionapps|mytreo|shsh|PalmOne|Treo|palmnewsletters.com|openmoko|precentral|palmpre|palmos|Android).*
Lists/Palm

# NOTE(review): the next two recipes use the same lockfile name "linux" for
# two different folders.
:0: linux
* (^TO|^From).*(linux-dell-laptops|dell-inspiron-8200|noreply@dell.com|US_SMB_Notebook_Support@dell.com|\.dell.com|busenetwork.net|umpcmedia.com).*
Lists/Linux/Dell

:0: linux
* ^From.*(lj-announce@ssc.com|linuxjournal.com|noreply@lists.linuxjournal.com|Linux Journal).*
"Lists/Linux/Linux Journal"

:0:
* ^TO(swn-talk@googlegroups.com|seattlewireless.net|netstumbler@c2security.org|wardriving@michiganwireless.org|Gpsd-users|HostAP|schmoo.com)
Lists/WiFi

# Payment, auction, shipping and shop mail, selected by the sender line only.
# NOTE(review): the From line is written by the sender, and these brands are
# common subjects of imitation mail. A message filed in Other/Ebay or
# Other/Reciepts has not been verified as coming from that company.
:0: ebay
* ^From.*@(ebay.com|paypal.com).*
Other/Ebay

:0:
* ^From.*(fedex.com|usps.com|ups.com|brownpapertickets.com|thinkgeek|woot.com|amazon.com|checkout.google.com).*
Other/Reciepts

:0: carpc
* ^From.*(gnetcanada|audiovox|buygpsnow|xenarc|imobilepc|carmediaconcepts|mp3car.com|scion|yoursciontc|scionlife|fluxmedia.net|streetdeck|centrafuse|dashboarddevices|belkirkbodyshop.com|waphipps|washingtonmovingviolations.com).*
Lists/CarPC

# NOTE(review): "G4" matches any subject containing those two characters.
:0: carpc
* ^Subject:.*(infill|G4|CarPC|Car PC|streetdeck|centrafuse).*
Lists/CarPC

:0: techsupport
* (^TO|^From).*(trendnet.com|bugzilla|sourceforge).*
"Other/Technical Support"

:0: guns
* (^TO|^From).*(ilaalerts.org|flexyourrights.org|nranews.org|votetoimpeach.org|northwestfirearms|washingtonarms|midwayusa.com|crimsontrace|spikestactical|magpul|blackhawk|lasermax).*
"Lists/Freedom"



####################################################################
# if these people email me, then page me and let me know immediately.
####################################################################

# Margaret
#:0 c
#* ^From.*([Ss]t[lL]e[jJ]eune@aol.com)
#! page_YOUR_NAME_HERE@YOUR_NAME_HERE.com

####################################################################
# send back contents of current info file upon email request
####################################################################
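# Mail back the contents of ~/current_info.txt when asked for it by subject.
# The c flag lets the request itself continue through the remaining recipes.
# Replies, daemon mail, mail from our own account and anything that already
# carries our X-Loop header are skipped, so two auto-responders cannot keep
# answering each other.
# NOTE(review): the requester is identified only by headers it wrote itself,
# and the file is sent to whatever address those headers name. Keep nothing
# sensitive in current_info.txt.
:0 c
* !^From +YOUR_USERNAME
* !^Subject:.*Re:
* !^FROM_DAEMON
* !^X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE\.com
* ^Subject:.*send current info
| (formail -r -A 'X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE.com' ; \
   cat ~/current_info.txt) | $SENDMAIL -oi -t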

####################################################################
# fudge a bounced message back to someone who sends me HUGE files
####################################################################
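# Discard mail from this sender and answer with a notice that claims to come
# from the postmaster.
:0
* ^From.*(rjen@aol.com)
{
  # formail -rt reads the incoming message and builds the reply header from
  # it, so the recipient does not depend on a variable set elsewhere and the
  # pipeline consumes its input.
  # The guards skip daemon mail and anything carrying our own X-Loop header,
  # which keeps the notice from looping.
  # NOTE(review): the match and the reply address both come from headers the
  # sender writes; mail that merely claims this sender draws the same notice
  # to whatever reply address it names.
  :0 c
  * !^FROM_DAEMON
  * !^X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE\.com
  | (formail -rt -I 'From: POSTMASTER@YOUR_NAME_HERE.com' \
             -I 'Subject: You have lost your email privileges to me' \
             -A 'X-Loop: YOUR_NAME_HERE@YOUR_NAME_HERE.com' ; \
     echo "I have banned you from emailing me\n" \
    ) | $SENDMAIL -oi -t

  # The original message is dropped whether or not a notice was sent.
  :0
  /dev/null
}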

####################################################################
# Forward anything on for my phone SMS, but filter out the spam!
####################################################################

# Same recipe as the Yahoo-alert forward near the top of this file. That
# earlier copy delivers matching mail to the SMS folder without the c flag,
# which ends processing, so this copy never sees a matching message.
# NOTE(review): the condition is a substring of a sender-written From line;
# see the caveat that applies to any header-only trigger for SMS forwarding.
:0
* ^From.*(alerts@reply.yahoo.com).*
{
  :0 c
  ! YOUR_CELL_HERE@mobile.mycingular.com

  :0
  SMS
}


# Paging address: forward a copy of any message under 1300 bytes whose
# destination headers mention page_YOUR_NAME_HERE to the phone.
# The forward carries the c flag and nothing else in the block delivers, so
# the message then runs off the end of this file. Procmail's default delivery
# presumably takes over there.
# NOTE(review): anyone who knows the paging address can trigger a forward;
# the size test is the only limit and nothing here restricts how often it
# fires.
:0
* ^TO.*page_YOUR_NAME_HERE.*
{
  :0 c
  * < 1300
  ! YOUR_CELL_HERE@mobile.mycingular.com

#  :0
#  * < 1300
#  SMS
}